2024-05-06 12:56:56 +08:00
|
|
|
|
package hae.instances.http;
|
|
|
|
|
|
|
|
|
|
|
|
import burp.api.montoya.MontoyaApi;
|
|
|
|
|
|
import burp.api.montoya.core.Annotations;
|
|
|
|
|
|
import burp.api.montoya.core.HighlightColor;
|
|
|
|
|
|
import burp.api.montoya.http.handler.*;
|
|
|
|
|
|
import burp.api.montoya.http.message.HttpRequestResponse;
|
|
|
|
|
|
import burp.api.montoya.http.message.requests.HttpRequest;
|
|
|
|
|
|
import hae.component.board.message.MessageTableModel;
|
2024-05-23 12:00:13 +08:00
|
|
|
|
import hae.instances.editor.RequestEditor;
|
2024-05-06 12:56:56 +08:00
|
|
|
|
import hae.instances.http.utils.MessageProcessor;
|
2024-05-23 12:00:13 +08:00
|
|
|
|
import hae.utils.config.ConfigLoader;
|
2024-05-06 12:56:56 +08:00
|
|
|
|
import hae.utils.string.StringProcessor;
|
|
|
|
|
|
|
2024-05-12 19:02:38 +08:00
|
|
|
|
import java.util.ArrayList;
|
|
|
|
|
|
import java.util.Arrays;
|
|
|
|
|
|
import java.util.List;
|
|
|
|
|
|
import java.util.Map;
|
2024-05-06 12:56:56 +08:00
|
|
|
|
|
|
|
|
|
|
public class HttpMessageHandler implements HttpHandler {
|
|
|
|
|
|
private final MontoyaApi api;
|
2024-05-23 12:00:13 +08:00
|
|
|
|
private final ConfigLoader configLoader;
|
2024-05-12 19:02:38 +08:00
|
|
|
|
private final MessageTableModel messageTableModel;
|
2024-05-06 12:56:56 +08:00
|
|
|
|
private final MessageProcessor messageProcessor;
|
|
|
|
|
|
|
|
|
|
|
|
// Montoya API对HTTP消息的处理分为了请求和响应,因此此处设置高亮和标记需要使用全局变量的方式,以此兼顾请求和响应
|
|
|
|
|
|
// 同时采用 ThreadLocal 来保证多线程并发的情况下全局变量的安全性
|
2024-05-12 19:02:38 +08:00
|
|
|
|
private final ThreadLocal<String> host = ThreadLocal.withInitial(() -> "");
|
2024-05-06 12:56:56 +08:00
|
|
|
|
private final ThreadLocal<List<String>> colorList = ThreadLocal.withInitial(ArrayList::new);
|
|
|
|
|
|
private final ThreadLocal<List<String>> commentList = ThreadLocal.withInitial(ArrayList::new);
|
|
|
|
|
|
private final ThreadLocal<Boolean> matches = ThreadLocal.withInitial(() -> false);
|
|
|
|
|
|
private final ThreadLocal<HttpRequest> httpRequest = new ThreadLocal<>();
|
|
|
|
|
|
|
2024-05-23 12:00:13 +08:00
|
|
|
|
public HttpMessageHandler(MontoyaApi api, ConfigLoader configLoader, MessageTableModel messageTableModel) {
|
2024-05-06 12:56:56 +08:00
|
|
|
|
this.api = api;
|
2024-05-23 12:00:13 +08:00
|
|
|
|
this.configLoader = configLoader;
|
2024-05-06 12:56:56 +08:00
|
|
|
|
this.messageTableModel = messageTableModel;
|
|
|
|
|
|
this.messageProcessor = new MessageProcessor(api);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
|
public RequestToBeSentAction handleHttpRequestToBeSent(HttpRequestToBeSent httpRequestToBeSent) {
|
|
|
|
|
|
colorList.get().clear();
|
|
|
|
|
|
commentList.get().clear();
|
|
|
|
|
|
|
|
|
|
|
|
Annotations annotations = httpRequestToBeSent.annotations();
|
|
|
|
|
|
|
|
|
|
|
|
httpRequest.set(httpRequestToBeSent);
|
|
|
|
|
|
|
2024-05-12 19:02:38 +08:00
|
|
|
|
host.set(StringProcessor.getHostByUrl(httpRequestToBeSent.url()));
|
2024-05-06 12:56:56 +08:00
|
|
|
|
|
2024-05-23 12:00:13 +08:00
|
|
|
|
String[] hostList = configLoader.getBlockHost().split("\\|");
|
|
|
|
|
|
boolean isBlockHost = RequestEditor.isBlockHost(hostList, host.get());
|
|
|
|
|
|
|
|
|
|
|
|
List<String> suffixList = Arrays.asList(configLoader.getExcludeSuffix().split("\\|"));
|
|
|
|
|
|
matches.set(suffixList.contains(httpRequestToBeSent.fileExtension().toLowerCase()) || isBlockHost);
|
2024-05-06 12:56:56 +08:00
|
|
|
|
|
|
|
|
|
|
if (!matches.get()) {
|
2024-05-12 19:02:38 +08:00
|
|
|
|
List<Map<String, String>> result = messageProcessor.processRequest(host.get(), httpRequestToBeSent, true);
|
2024-05-06 12:56:56 +08:00
|
|
|
|
setColorAndCommentList(result);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return RequestToBeSentAction.continueWith(httpRequestToBeSent, annotations);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
|
public ResponseReceivedAction handleHttpResponseReceived(HttpResponseReceived httpResponseReceived) {
|
|
|
|
|
|
Annotations annotations = httpResponseReceived.annotations();
|
|
|
|
|
|
|
|
|
|
|
|
if (!matches.get()) {
|
2024-05-12 19:02:38 +08:00
|
|
|
|
List<Map<String, String>> result = messageProcessor.processResponse(host.get(), httpResponseReceived, true);
|
2024-05-06 12:56:56 +08:00
|
|
|
|
setColorAndCommentList(result);
|
|
|
|
|
|
// 设置高亮颜色和注释
|
|
|
|
|
|
if (!colorList.get().isEmpty() && !commentList.get().isEmpty()) {
|
|
|
|
|
|
String color = messageProcessor.retrieveFinalColor(messageProcessor.retrieveColorIndices(colorList.get()));
|
|
|
|
|
|
annotations.setHighlightColor(HighlightColor.highlightColor(color));
|
|
|
|
|
|
String comment = StringProcessor.mergeComment(String.join(", ", commentList.get()));
|
|
|
|
|
|
annotations.setNotes(comment);
|
|
|
|
|
|
|
|
|
|
|
|
HttpRequestResponse httpRequestResponse = HttpRequestResponse.httpRequestResponse(httpRequest.get(), httpResponseReceived);
|
|
|
|
|
|
|
|
|
|
|
|
// 添加到Databoard
|
|
|
|
|
|
messageTableModel.add(httpRequestResponse, comment, color);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return ResponseReceivedAction.continueWith(httpResponseReceived, annotations);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
private void setColorAndCommentList(List<Map<String, String>> result) {
|
|
|
|
|
|
if (result != null && !result.isEmpty() && result.size() > 0) {
|
|
|
|
|
|
colorList.get().add(result.get(0).get("color"));
|
|
|
|
|
|
commentList.get().add(result.get(1).get("comment"));
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
